CN109791566B - System and method for controlling access to encrypted vehicle-mounted data - Google Patents


Info

Publication number
CN109791566B
Authority
CN
China
Prior art keywords
node
vehicle
key
child
child node
Prior art date
Legal status
Active
Application number
CN201780061474.9A
Other languages
Chinese (zh)
Other versions
CN109791566A (en)
Inventor
朱成康
魏卓
方成方
Current Assignee
Huawei International Pte Ltd
Original Assignee
Huawei International Pte Ltd
Priority date
Filing date
Publication date
Application filed by Huawei International Pte Ltd
Publication of CN109791566A
Application granted
Publication of CN109791566B
Legal status: Active
Anticipated expiration

Classifications

    • H04L9/0836 Key transport or distribution involving a central third party (key distribution center [KDC] or trusted third party [TTP]), involving a conference or group key, using a tree structure or hierarchical structure
    • H04L9/0847 Key agreement involving identity based encryption [IBE] schemes
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L63/061 Network security protocols supporting key management in a packet data network, for key exchange, e.g. in peer-to-peer networks
    • H04L63/08 Network security protocols for authentication of entities
    • H04L2463/061 Applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H04W12/041 Key generation or derivation
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W4/44 Services for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • G06F40/146 Coding or compression of tree-structured data
    • G07C5/008 Registering or indicating the working of vehicles, communicating information to a remotely located station
    • H03M7/14 Conversion to or from non-weighted codes
    • H03M7/707 Compression of structured documents, e.g. XML

Abstract

This document describes a system and method for controlling access to encrypted vehicle-mounted data. The system employs a hierarchical access control method whereby an authorized user can select encrypted vehicle-mounted data stored in a cloud server in a hierarchical manner, and can then decrypt the selected encrypted data together with all sub-data associated with it.

Description

System and method for controlling access to encrypted vehicle-mounted data
Technical Field
The present invention relates to a system and method for controlling access to encrypted vehicle-mounted data. Specifically, the system employs a hierarchical access control method whereby an authorized user can select encrypted vehicle-mounted data stored in a cloud server in a hierarchical manner, and can then decrypt the selected encrypted data together with all sub-data associated with it.
Background
An intelligent vehicle or an autonomous vehicle is a vehicle equipped with an electronic system for detecting the operating conditions and surroundings of the vehicle, automatically starting certain critical functions (e.g., activating or deactivating the vehicle's ignition) and, in certain cases, driving without a human operator. The electronic systems in these vehicles typically sense their surroundings by wireless means such as radar, the global positioning system (GPS) or Doppler sonar, or by image recognition systems fed by image capture devices. Control systems within these electronic systems receive and parse the detected or captured information to determine navigation paths or, more generally, store the data for later diagnostic analysis.
Since intelligent vehicles are typically used daily, the vehicle's electronic system accumulates a large amount of captured and detected data. The collected data may include personal information about the vehicle user, such as the user's daily driving habits, the user's home and office addresses, the user's activity pattern at home (inferable from the acquired GPS data), and all diagnostic data of the vehicle. All of this electronic data is exposed to attack by hackers or unauthorized users, since a compromised electronic system gives a malicious attacker access to the vehicle and to the vehicle user's private information. Such data is therefore typically protected in various encrypted forms, so that it can only be decrypted by an authorized user of the vehicle.
When the vehicle is sent to a third-party service provider for repair, maintenance, parking, charging or the like, it is of great benefit to the service provider to have access to the vehicle's diagnostic data or to specific vehicle functions. The vehicle user may therefore allow the service provider to access specific stored diagnostic data, or allow the service provider to use specific vehicle functions, such as autonomous driving for a fixed period of time.
One common approach is to store the collected data in a secure store in the vehicle. When the vehicle is sent to a service provider for repair, the service provider is granted the rights needed to access the stored data. A common way of authorizing a service provider to access stored encrypted data is to give the service provider the encryption key, so that the authorized service provider can decrypt any data it needs for its diagnostic operations. The disadvantage of this approach is that, once it holds the encryption key, the service provider can decrypt and download all stored data, including the vehicle user's private information.
To prevent this, it has been proposed to encrypt data separately according to data type and collection time. For example, data relating to the operation of the vehicle engine may be collected daily and the collected data encrypted under a different key each day. The disadvantage of this approach is that if the service provider needs engine data for a number of days, e.g. 30 days, the vehicle owner must provide the service provider with a correspondingly large number of keys, e.g. 30 keys for that period.
The approaches above carry the risk of unintended data leakage, the risk of unauthorized or over-privileged commands being issued, and high key management complexity. For these reasons, those skilled in the art have sought a system and method for controlling access to encrypted vehicle-mounted data that lets an authorized service provider access specific encrypted data in a hierarchical manner.
Disclosure of Invention
The above and other problems are solved and an advance in the art is made by the systems and methods provided in accordance with embodiments of the present invention.
A first advantage of embodiments of systems and methods according to the present invention is that a user of the system need only store a single hierarchical identity-based encryption (HIBE) root key. The root key is used to generate the private data keys that encrypt the data logs, and also to generate a parent private key from which a third party derives the child keys that decrypt the child ciphertexts. This ensures that the third party can decrypt only the child ciphertexts reachable from the parent private key it was given.
A second advantage of embodiments of systems and methods according to the present invention is that the private keys used to decrypt the data log need not be stored in the local device, as these keys can be generated on demand using the root key.
A third advantage of embodiments of systems and methods according to the present invention is that the vehicle user may securely transfer the root key from the vehicle to the user's mobile device, thereby allowing the user to issue a private parent key to a third party service provider.
The above-mentioned advantages are achieved by an embodiment of the method according to the invention operating in the following manner.
According to a first aspect of the present invention, a system for controlling access to vehicle-mounted data includes a vehicle-mounted device configured to: collect vehicle-mounted data of a vehicle, wherein each piece of vehicle-mounted data is marked with an identity, each identity is represented as a node on a node tree structure, and the node tree structure comprises a root node associated with the vehicle; encrypt each piece of the collected vehicle-mounted data using a corresponding subkey, wherein each corresponding subkey is generated from the marker node of that piece of vehicle-mounted data and a root key corresponding to the root node; and transmit the encrypted vehicle-mounted data and their marker nodes to a cloud server. The cloud server is configured to receive and store the encrypted vehicle-mounted data and their marker nodes. The system also includes a service device configured to: transmit a request to the cloud server, wherein the request includes a time period and, on receiving the request, the cloud server retrieves the encrypted vehicle-mounted data whose marker nodes correspond to the time period; receive the retrieved encrypted vehicle-mounted data and their marker nodes from the cloud server, wherein each marker node represents one node on the node tree structure; determine a child node group common to the marker nodes of the received encrypted vehicle-mounted data; request an aggregate key for the common child node group; and generate a subkey for each piece of received encrypted vehicle-mounted data from the requested aggregate key and the marker node of that piece, wherein each generated subkey is used to decrypt the corresponding encrypted vehicle-mounted data.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the node tree structure further includes a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit; wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node; each identity is represented as a node on the node tree by: determining class elements of the collected vehicle-mounted data; acquiring current time comprising a large time unit and a small time unit; and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, generating each corresponding subkey from the marker node of each piece of vehicle-mounted data includes: determining the first child node, second child node and third child node of the marker node of each piece of collected vehicle-mounted data, and for each marker node: generating a first child node key using the root key, the first child node and the root node; generating a second child node key using the first child node key, the second child node, the first child node and the root node; and generating the subkey using the second child node key, the third child node, the second child node, the first child node and the root node.
With reference to the first aspect or either of the first and second possible implementation manners of the first aspect, in a third possible implementation manner of the first aspect, the system further includes a mobile device configured to: retrieve a shared secret known to the vehicle-mounted device; and encrypt the shared secret and transmit the encrypted shared secret to the vehicle-mounted device in order to negotiate a shared encryption key for establishing secure communication between the mobile device and the vehicle-mounted device. The vehicle-mounted device is configured to encrypt the root key using the shared encryption key and transmit the encrypted root key to the mobile device.
With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, the mobile device is configured to: upon receiving a request for the aggregate key of the common child node group, generate the aggregate key for the common child node group from the root key and the hierarchical relationship of the child nodes in the common child node group; and transmit the generated aggregate key to the service device.
With reference to the first aspect, in a fifth possible implementation manner of the first aspect, the vehicle-mounted device is configured to: upon receiving a request for the aggregate key of the common child node group, generate the aggregate key for the common child node group from the root key and the hierarchical relationship of the child nodes in the common child node group; and transmit the generated aggregate key to the service device.
With reference to the first or fourth possible implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, the large time unit is a unit of time larger than the small time unit.
According to a second aspect of the present invention, an in-vehicle apparatus provided in a vehicle for generating encrypted in-vehicle data, the in-vehicle apparatus comprising: a processor; a non-transitory medium readable by the processor, the non-transitory medium storing instructions that, when executed by the processor, cause the processor to: collecting vehicle-mounted data of the vehicle, wherein each vehicle-mounted data is marked with an identity, and each identity is represented as a node on a node tree structure, and the node tree structure comprises a root node associated with the vehicle; encrypting each piece of the collected vehicle-mounted data using a corresponding sub-key, wherein each corresponding sub-key is generated based on a marker node of each piece of the vehicle-mounted data and a root key corresponding to the root node; and transmitting the encrypted vehicle-mounted data and the marking node thereof to a cloud server.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the node tree structure further includes a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit; wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node; the instructions for instructing the processor to represent each identity as a node on the node tree structure further comprise: for each identity, instructions for instructing the processor to: determining class elements of the collected vehicle-mounted data; acquiring current time comprising a large time unit and a small time unit; and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the second aspect, in a second possible implementation manner of the second aspect, the instructions for instructing the processor to generate each corresponding subkey from the marker node of each piece of vehicle-mounted data include instructions for instructing the processor to: for each marker node, determine the first child node, second child node and third child node of the marker node; generate a first child node key using the root key, the first child node and the root node; generate a second child node key using the first child node key, the second child node, the first child node and the root node; and generate the subkey using the second child node key, the third child node, the second child node, the first child node and the root node.
With reference to the second aspect or the first or second possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, the vehicle-mounted device further includes instructions for instructing the processor to: upon receiving a request for the aggregate key of a common child node group, generate the aggregate key for the common child node group from the root key and the hierarchical relationship of the child nodes in the common child node group; and transmit the generated aggregate key to a service device.
With reference to the first possible implementation manner of the second aspect, in a fourth possible implementation manner of the second aspect, the large time unit is a unit of time larger than the small time unit.
According to a third aspect of the present invention, there is provided a service device for controlling access to vehicle-mounted data of a vehicle, the vehicle-mounted data being collected and marked with nodes on a node tree structure, encrypted by a vehicle-mounted device provided in the vehicle, and stored on a cloud server, the service device comprising: a processor; and a non-transitory medium readable by the processor, the non-transitory medium storing instructions that, when executed by the processor, cause the processor to: transmit a request to the cloud server, wherein the request includes a time period and, on receiving the request, the cloud server retrieves the encrypted vehicle-mounted data whose marker nodes correspond to the time period; receive the retrieved encrypted vehicle-mounted data and their marker nodes from the cloud server, wherein each marker node represents one node on the node tree structure; determine a child node group common to the marker nodes of the received encrypted vehicle-mounted data; request an aggregate key for the common child node group; and generate a subkey for each piece of received encrypted vehicle-mounted data from the requested aggregate key and the received marker node of that piece, wherein each generated subkey is used to decrypt the corresponding encrypted vehicle-mounted data.
With reference to the third aspect, in a first possible implementation manner of the third aspect, the node tree structure further includes a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit, wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node; and the marker node of each piece of collected vehicle-mounted data is identified by: determining the class element of the collected vehicle-mounted data; acquiring the current time, comprising a large time unit and a small time unit; and identifying the node on the node tree structure corresponding to the identity from the determined class element and the acquired current time.
With reference to the third aspect or the first possible implementation manner of the third aspect, in a second possible implementation manner of the third aspect, the instructions for instructing the processor to generate a subkey for each piece of received encrypted vehicle-mounted data from the requested aggregate key and the received marker node of that piece include, for each marker node, instructions for instructing the processor to: generate a first child node key for the first child node of the marker node from the aggregate key, the root node and the first child node; generate a second child node key for the second child node of the marker node from the first child node key, the root node, the first child node and the second child node; and generate the subkey for the marker node from the second child node key, the root node, the first child node, the second child node and the third child node of the marker node.
With reference to the third aspect or the first possible implementation manner of the third aspect, in a third possible implementation manner of the third aspect, the instructions for instructing the processor to generate a subkey for each piece of received encrypted vehicle-mounted data from the requested aggregate key and the received marker node of that piece include, for each marker node, instructions for instructing the processor to: generate a second child node key for the second child node of the marker node from the aggregate key, the root node, the first child node of the marker node and the second child node of the marker node; and generate the subkey for the marker node from the second child node key, the root node, the first child node, the second child node and the third child node of the marker node.
With reference to the third aspect or the first possible implementation manner of the third aspect, in a fourth possible implementation manner of the third aspect, the instructions for instructing the processor to generate a subkey for each piece of received encrypted vehicle-mounted data from the requested aggregate key and the received marker node of that piece include, for each marker node, instructions for instructing the processor to: generate the subkey for the marker node from the aggregate key, the root node, and the first, second and third child nodes of the marker node.
With reference to the first possible implementation manner of the third aspect, in a fifth possible implementation manner of the third aspect, the large time unit is a unit of time larger than the small time unit.
According to a fourth aspect of the present invention, there is provided a mobile device for controlling access to vehicle-mounted data of a vehicle, each piece of vehicle-mounted data being collected and marked with a node on a node tree structure, encrypted by a vehicle-mounted device provided in the vehicle, and stored on a cloud server, the mobile device comprising: a processor; and a non-transitory medium readable by the processor, the non-transitory medium storing instructions that, when executed by the processor, cause the processor to: transmit a request to the cloud server, wherein the request includes a time period and, on receiving the request, the cloud server retrieves the encrypted vehicle-mounted data whose marker nodes correspond to the time period; receive the retrieved encrypted vehicle-mounted data and their marker nodes from the cloud server, wherein each marker node represents one node on the node tree structure; determine a child node group common to the marker nodes of the received encrypted vehicle-mounted data; request an aggregate key for the common child node group; and generate a subkey for each piece of received encrypted vehicle-mounted data from the requested aggregate key and the marker node of that piece, wherein each generated subkey is used to decrypt the corresponding encrypted vehicle-mounted data.
With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, the node tree structure further includes: a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit, wherein a hierarchical relationship of the first, second, and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node; the instructions for instructing the processor to tag a node for each piece of vehicle-mounted data collected further comprise: for each node, instructions for instructing the processor to: determining class elements of the collected vehicle-mounted data; acquiring current time comprising a large time unit and a small time unit; and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the fourth aspect or the first possible implementation manner of the fourth aspect, in a second possible implementation manner of the fourth aspect, the instructions for instructing the processor to generate a subkey for each piece of received encrypted vehicle data based on the requested aggregation key and the received marking node of each piece of encrypted vehicle data include: for each marker node, instructions for instructing the processor to: generating a first child node key for a first child node of the marker node based on the aggregate key, the root node, and the first child node; generating a second child node key for a second child node based on the first child node key, the root node, the first child node, and a second child node of the marker node; the subkey is generated for the marked node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marked node.
With reference to the fourth aspect or the first possible implementation manner of the fourth aspect, in a third possible implementation manner of the fourth aspect, the instructions for instructing the processor to generate a subkey for each piece of received encrypted vehicle data based on the requested aggregation key and the received marking node of each piece of encrypted vehicle data include: for each marker node, instructions for instructing the processor to: generating a second child node key for a second child node based on the aggregate key, the root node, the first child node of the marker node, and the second child node of the marker node; the subkey is generated for the marked node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marked node.
With reference to the fourth aspect or the first possible implementation manner of the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the instructions for instructing the processor to generate a subkey for each piece of received encrypted vehicle data based on the requested aggregation key and the received marking node of each piece of encrypted vehicle data include: for each marker node, instructions for instructing the processor to: the subkey is generated for the marked node based on the aggregate key, the root node, the first child node of the marked node, the second child node of the marked node, and the third child node of the marked node.
With reference to the fourth aspect or any one of the first to fourth possible implementation manners of the fourth aspect, in a fifth possible implementation manner of the fourth aspect, the mobile device further includes: instructions for instructing the processor to: retrieving a shared secret from the in-vehicle device, the in-vehicle device thereby learning the shared secret; encrypting the shared secret and transmitting the encrypted shared secret to the vehicle-mounted device to negotiate a shared encryption key for establishing secure communications between the mobile device and the vehicle-mounted device.
With reference to the fifth possible implementation manner of the fourth aspect, in a sixth possible implementation manner of the fourth aspect, the mobile device further includes instructions for instructing the processor to: upon receiving a request to obtain the aggregation key for the common set of children, generate the aggregation key for the common set of children based on the root key and the hierarchical relationship of the children in the common set of children.
With reference to the first possible implementation manner of the fourth aspect, in a seventh possible implementation manner of the fourth aspect, the large time unit includes a time unit that is greater than the small time unit.
According to a fifth aspect of the present invention, a method of generating encrypted in-vehicle data by an in-vehicle apparatus provided in a vehicle, the method comprising: collecting vehicle-mounted data of the vehicle, wherein each vehicle-mounted data is marked with an identity, and each identity is represented as a node on a node tree structure, and the node tree structure comprises a root node associated with the vehicle; encrypting each piece of the collected vehicle-mounted data using a corresponding sub-key, wherein each corresponding sub-key is generated based on a marker node of each piece of the vehicle-mounted data and a root key corresponding to the root node; and transmitting the encrypted vehicle-mounted data and the marking node thereof to a cloud server.
With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the node tree structure further includes a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit; wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node; each identity is represented as a node on the node tree by: determining class elements of the collected vehicle-mounted data; acquiring current time comprising a large time unit and a small time unit; and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the fifth aspect or the first possible implementation manner of the fifth aspect, in a second possible implementation manner of the fifth aspect, the generating each corresponding subkey based on the marking node of each piece of vehicle-mounted data includes: determining a first sub-node, a second sub-node and a third sub-node of the marker node of each piece of the collected vehicle-mounted data, for each marker node: generating a first child node key using the root key, the first child node of the marker node, and the root node; generating a second child node key using the first child node key, a second child node of the marker node, the first child node, and the root node; generating a subkey using a third subnode of the marked node, the second subnode, the first subnode, the root node, and the second subnode key.
With reference to the fifth aspect or the first possible implementation manner of the fifth aspect, in a third possible implementation manner of the fifth aspect, the method further includes: after receiving a request for acquiring an aggregation key of a common child node group, generating the aggregation key for the common child node group based on the hierarchical relationship of the root key and child nodes in the common child node group; transmitting the generated aggregation key to a service device.
With reference to the first possible implementation manner of the fifth aspect, in a fourth possible implementation manner of the fifth aspect, the large time unit includes a time unit that is greater than the small time unit.
According to a sixth aspect of the present invention, a method for controlling access to vehicle-mounted data of a vehicle, the vehicle-mounted data being collected and marked with nodes on a node tree structure, the vehicle-mounted data being encrypted by a vehicle-mounted device provided in the vehicle and stored on a cloud server, the method implemented by a service device comprising: transmitting a request to the cloud server, wherein the request includes a time period, and the cloud server retrieves encrypted vehicle-mounted data having a marker node corresponding to the time period when the request is received; receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure; determining a set of child nodes common to the marker nodes of the received encrypted vehicle-mounted data; requesting an aggregate key for the common sub-node group, and generating a sub-key for each piece of received encrypted vehicle-mounted data based on the requested aggregate key and the tag node of each piece of received encrypted vehicle-mounted data, wherein each generated sub-key is used for decrypting the corresponding encrypted vehicle-mounted data.
With reference to the sixth aspect, in a first possible implementation manner of the sixth aspect, the node tree structure further includes: a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit, wherein a hierarchical relationship of the first, second, and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node; each piece of collected vehicle-mounted data is marked with a node by the following method: determining class elements of the collected vehicle-mounted data; acquiring current time comprising a large time unit and a small time unit; and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the sixth aspect or the first possible implementation manner of the sixth aspect, in a second possible implementation manner of the sixth aspect, the step of generating, for each piece of received encrypted vehicle data, a subkey based on the requested aggregate key and the tag node of each piece of received encrypted vehicle data includes: for each marked node, generating a first child node key for a first child node of the marked node based on the aggregate key, the root node, and the first child node of the marked node; generating a second child node key for a second child node based on the first child node key, the root node, the first child node, and a second child node of the marker node; the subkey is generated for the marked node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marked node.
With reference to the sixth aspect or the first possible implementation manner of the sixth aspect, in a third possible implementation manner of the sixth aspect, the step of generating, for each piece of received encrypted vehicle data, a subkey based on the requested aggregate key and the tag node of each piece of received encrypted vehicle data includes: generating a second child node key for a second child node based on the aggregate key, the root node, the first child node of the marker node, and the second child node of the marker node; the subkey is generated for the marked node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marked node.
With reference to the sixth aspect or the first possible implementation manner of the sixth aspect, in a fourth possible implementation manner of the sixth aspect, the step of generating, for each piece of received encrypted vehicle data, a subkey based on the requested aggregate key and the tag node of each piece of received encrypted vehicle data includes: the subkey is generated for the marked node based on the aggregate key, the root node, the first child node of the marked node, the second child node of the marked node, and the third child node of the marked node.
With reference to the first possible implementation manner of the sixth aspect, in a sixth possible implementation manner of the sixth aspect, the large time unit includes a time unit that is greater than the small time unit.
According to a seventh aspect of the present invention, there is provided a method for controlling access to vehicle-mounted data of a vehicle, the vehicle-mounted data being collected and marked with nodes on a node tree structure, the vehicle-mounted data being encrypted by a vehicle-mounted device provided in the vehicle and stored on a cloud server, the method implemented by a mobile device comprising: transmitting a request to the cloud server, wherein the request includes a time period, and the cloud server retrieves encrypted vehicle-mounted data having a marker node corresponding to the time period when the request is received; receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure; determining a set of child nodes common to the marker nodes of the received encrypted vehicle-mounted data; requesting an aggregate key for the common sub-node group, and generating a sub-key for each piece of received encrypted vehicle-mounted data based on the requested aggregate key and the tag node of each piece of received encrypted vehicle-mounted data, wherein each generated sub-key is used for decrypting the corresponding encrypted vehicle-mounted data.
With reference to the seventh aspect, in a first possible implementation manner of the seventh aspect, the node tree structure further includes: a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit, wherein a hierarchical relationship of the first, second, and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node; each piece of collected vehicle-mounted data is marked with a node by the following method: determining class elements of the collected vehicle-mounted data; acquiring current time comprising a large time unit and a small time unit; and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the first possible implementation manner of the seventh aspect, in a second possible implementation manner of the seventh aspect, the large time unit includes a time unit that is greater than the small time unit.
With reference to the seventh aspect or any one of the first or second possible implementation manners of the seventh aspect, in a third possible implementation manner of the seventh aspect, the method further includes: retrieving a shared secret from the in-vehicle device, the in-vehicle device thereby learning the shared secret; encrypting the shared secret and transmitting the encrypted shared secret to the vehicle-mounted device to negotiate a shared encryption key for establishing secure communications between the mobile device and the vehicle-mounted device.
With reference to the third possible implementation manner of the seventh aspect, in a fourth possible implementation manner of the seventh aspect, the method further includes: upon receiving a request to obtain the aggregation key for the common set of children, the aggregation key is generated for the common set of children based on the root key and the hierarchical relationship of children in the common set of children.
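The key hierarchy of the fifth and sixth aspects above (root key, then a first child node key for the class element, a second child node key for the large time unit, and finally the subkey for the small time unit, each step bound to the full path from the root, with an aggregate key issued for the child node group common to the requested marker nodes) worked through end to end. This is an added example and not code from the patent or its applicant; it assumes HMAC-SHA256 as the one-way derivation function, month as the large time unit and day as the small time unit, and uses a constructed vehicle identifier, root key and sample records. It shows that the aggregate key for one month lets the service device derive the subkeys of every record in that month, while a record from a different month stays underivable.

```python
"""Hierarchical subkey derivation for node-tagged vehicle data.

Added example, not code from the patent. Assumptions: HMAC-SHA256 is the
one-way child-key derivation; month is the "large time unit" and day the
"small time unit"; vehicle id, root key and records are constructed samples.
"""
import hashlib
import hmac
from datetime import datetime
from typing import Dict, List, Sequence, Tuple

# A node is its path from the root: (root, class element, large unit, small unit)
Node = Tuple[str, ...]


def tag_node(vehicle_id: str, class_element: str, when: datetime) -> Node:
    """Mark one piece of collected data with its node on the tree."""
    return (vehicle_id, class_element, when.strftime("%Y-%m"), when.strftime("%d"))


def _child_key(parent_key: bytes, child_path: Sequence[str]) -> bytes:
    """One step down the tree: the child key binds the parent key to the child's
    full path (root, ..., child), so siblings get unrelated keys and a child key
    cannot be walked back up to its parent."""
    label = "/".join(child_path).encode("utf-8")
    return hmac.new(parent_key, label, hashlib.sha256).digest()


def derive_key(holder_key: bytes, holder_node: Node, target_node: Node) -> bytes:
    """Derive the key of target_node from the key of one of its ancestors.

    holder_node=(root,) with the root key is the in-vehicle side; holder_node
    equal to the common child group with its aggregate key is the service side.
    """
    if target_node[: len(holder_node)] != holder_node:
        raise ValueError(f"{target_node} is not below {holder_node}: no authority")
    key = holder_key
    for depth in range(len(holder_node) + 1, len(target_node) + 1):
        key = _child_key(key, target_node[:depth])
    return key


def common_child_group(nodes: Sequence[Node]) -> Node:
    """Deepest node shared by all marker nodes (their longest common prefix)."""
    if not nodes:
        raise ValueError("no marker nodes")
    prefix: List[str] = list(nodes[0])
    for node in nodes[1:]:
        i = 0
        while i < min(len(prefix), len(node)) and prefix[i] == node[i]:
            i += 1
        del prefix[i:]
    return tuple(prefix)


# Constructed sample values (not from the patent).
VEHICLE_ID = "VEHICLE-ROOT-SAMPLE"
ROOT_KEY = hashlib.sha256(b"constructed root key for the example").digest()
SAMPLE_RECORDS = [  # (class element, collection time, payload)
    ("engine", datetime(2017, 5, 3, 8, 0), b"coolant_temp=92"),
    ("engine", datetime(2017, 5, 7, 9, 30), b"coolant_temp=95"),
    ("engine", datetime(2017, 6, 1, 7, 15), b"coolant_temp=88"),
]


def vehicle_side_keys() -> Dict[Node, bytes]:
    """In-vehicle device: tag each record and derive its subkey from the root key."""
    keys: Dict[Node, bytes] = {}
    for class_element, when, _payload in SAMPLE_RECORDS:
        node = tag_node(VEHICLE_ID, class_element, when)
        keys[node] = derive_key(ROOT_KEY, (VEHICLE_ID,), node)
    return keys


def issue_aggregate_key(common: Node) -> bytes:
    """In-vehicle device answering a request: aggregate key for the common group."""
    return derive_key(ROOT_KEY, (VEHICLE_ID,), common)


def service_side_keys(requested: Sequence[Node]) -> Tuple[Node, Dict[Node, bytes]]:
    """Service device: find the common child group, obtain its aggregate key and
    derive one subkey per received marker node; nodes outside the group stay
    underivable because derive_key refuses non-descendants."""
    common = common_child_group(requested)
    aggregate = issue_aggregate_key(common)
    return common, {node: derive_key(aggregate, common, node) for node in requested}


if __name__ == "__main__":
    vehicle_keys = vehicle_side_keys()
    may_nodes = [n for n in vehicle_keys if n[2] == "2017-05"]
    common, service_keys = service_side_keys(may_nodes)
    print("aggregate key covers:", common)
    print("subkeys match:", all(service_keys[n] == vehicle_keys[n] for n in may_nodes))
```

Because every child key is an HMAC over the full path under its parent key, the second and third implementation manners of the sixth aspect (starting from an aggregate key at the first or second level rather than at the root) are the same `derive_key` call with a shorter remaining path, and a subkey for one day reveals nothing about its siblings or its parent.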
According to an eighth aspect of the present invention, there is provided an in-vehicle apparatus provided in a vehicle for generating encrypted in-vehicle data, the in-vehicle apparatus including a collection unit, an encryption unit, and a transmission unit;
the collecting unit is used for collecting vehicle-mounted data of the vehicle, wherein each vehicle-mounted data is marked with an identity, and each identity is represented as a node on a node tree structure, and the node tree structure comprises a root node associated with the vehicle;
the encryption unit is used for encrypting each piece of collected vehicle-mounted data by using a corresponding sub-key, wherein each corresponding sub-key is generated based on a marked node of each piece of vehicle-mounted data and a root key corresponding to the root node;
the transmission unit is used for transmitting the encrypted vehicle-mounted data and the marking nodes thereof to the cloud server.
With reference to the eighth aspect, in a first possible implementation manner of the eighth aspect, the node tree structure further includes a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit;
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
the vehicle-mounted equipment further comprises a determining unit, an acquiring unit and an identifying unit;
the determining unit is used for determining class elements of the collected vehicle-mounted data;
the acquisition unit is used for acquiring the current time comprising a large time unit and a small time unit;
the identification unit is used for identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the eighth aspect, in a second possible implementation manner of the eighth aspect, the in-vehicle apparatus further includes a first generation unit;
for each marked node, determining a first child node of the marked node, a second child node of the marked node and a third child node of the marked node,
the first generation unit is configured to generate a first child node key using the root key, the first child node, and the root node; generate a second child node key using the first child node key, the second child node, the first child node, and the root node; and generate a subkey using the third child node, the second child node, the first child node, the root node, and the second child node key.
With reference to the eighth aspect, the first possible implementation manner of the eighth aspect, or the second possible implementation manner of the eighth aspect, in a third possible implementation manner of the eighth aspect, the in-vehicle device further includes a second generating unit and a communication unit;
the second generating unit is used for: after receiving a request for acquiring an aggregation key of a common child node group, generating the aggregation key for the common child node group based on the hierarchical relationship of the root key and child nodes in the common child node group;
the communication unit is configured to transmit the generated aggregation key to a service device.
With reference to the first possible implementation manner of the eighth aspect, in a fourth possible implementation manner of the eighth aspect, the large time unit includes a time unit that is greater than the small time unit.
According to a ninth aspect of the present invention, there is provided a service device for controlling access to vehicle-mounted data of a vehicle, the vehicle-mounted data being collected and marked with nodes on a node tree structure, the vehicle-mounted data being encrypted by a vehicle-mounted device provided in the vehicle and stored on a cloud server, the service device comprising a transmitting unit, a receiving unit, a determining unit, a requesting unit, and a generating unit;
the sending unit is used for sending a request to the cloud server, wherein the request comprises a time period, and the cloud server retrieves encrypted vehicle-mounted data with a marking node corresponding to the time period when receiving the request;
the receiving unit is used for receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure;
the determining unit is used for determining a group of child nodes shared by the marking nodes of the received encrypted vehicle-mounted data;
the request unit is configured to request an aggregation key for the common child node group;
the generating unit is used for generating a sub-key for each piece of received encrypted vehicle-mounted data based on the requested aggregation key and the received marking node of each piece of encrypted vehicle-mounted data, wherein each generated sub-key is used for decrypting the corresponding piece of encrypted vehicle-mounted data.
With reference to the ninth aspect, in a first possible implementation manner of the ninth aspect, the node tree structure further includes:
a first child node associated with a class element, a second child node associated with a large time unit, a third child node associated with a small time unit,
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
wherein, for each node, the service device further comprises an acquisition unit and an identification unit:
the determining unit is used for determining class elements of the collected vehicle-mounted data;
the acquisition unit is used for acquiring the current time comprising a large time unit and a small time unit;
the identification unit is used for identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the ninth aspect or the first possible implementation manner of the ninth aspect, in a second possible implementation manner of the ninth aspect, for each marker node:
the generating unit is configured to generate a first child node key for a first child node based on the aggregation key, the root node, and the first child node of the marker node;
the generating unit is further configured to generate a second child node key for a second child node based on the first child node key, the root node, the first child node, and the second child node of the marker node;
the generating unit is further configured to generate the subkey for the marker node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marker node.
With reference to the ninth aspect or the first possible implementation manner of the ninth aspect, in a third possible implementation manner of the ninth aspect, for each marker node:
the generating unit is further configured to generate a second child node key for a second child node based on the aggregation key, the root node, the first child node of the marker node, and the second child node of the marker node;
the generating unit is further configured to generate the subkey for the marker node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marker node.
With reference to the ninth aspect or the first possible implementation manner of the ninth aspect, in a fourth possible implementation manner of the ninth aspect,
the generation unit is further configured to generate the subkey for the marker node based on the aggregate key, the root node, the first child node of the marker node, the second child node of the marker node, and the third child node of the marker node.
With reference to the ninth aspect or the first possible implementation manner of the ninth aspect, in a fifth possible implementation manner of the ninth aspect, the large time unit includes a time unit that is greater than the small time unit.
According to a tenth aspect of the present invention, there is provided a mobile device for controlling access to vehicle-mounted data of a vehicle, each piece of vehicle-mounted data being collected and marked with nodes on a node tree structure, the vehicle-mounted data being encrypted by a vehicle-mounted device provided in the vehicle and stored on a cloud server, the mobile device comprising a transmitting unit, a receiving unit, a determining unit, a requesting unit, and a generating unit;
the sending unit is used for sending a request to the cloud server, wherein the request comprises a time period, and the cloud server retrieves encrypted vehicle-mounted data with a marking node corresponding to the time period when receiving the request;
the receiving unit is used for receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure;
the determining unit is used for determining a group of child nodes shared by the marking nodes of the received encrypted vehicle-mounted data;
the request unit is configured to request an aggregation key for the common child node group;
the generating unit is used for generating a sub-key for each piece of received encrypted vehicle-mounted data based on the requested aggregation key and the received marking node of each piece of encrypted vehicle-mounted data, wherein each generated sub-key is used for decrypting the corresponding piece of encrypted vehicle-mounted data.
With reference to the tenth aspect, in a first possible implementation manner of the tenth aspect, the node tree structure further includes:
a first child node associated with a class element, a second child node associated with a large time unit, a third child node associated with a small time unit,
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
the mobile device further comprises an acquisition unit and an identification unit;
the determining unit is used for determining class elements of the collected vehicle-mounted data;
the acquisition unit is used for acquiring the current time comprising a large time unit and a small time unit;
the identification unit is used for identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
With reference to the tenth aspect or the first possible implementation manner of the tenth aspect, in a second possible implementation manner of the tenth aspect, for each marker node,
the generating unit is configured to generate a first child node key for a first child node based on the aggregation key, the root node, and the first child node of the marker node;
the generating unit is further configured to generate a second child node key for a second child node based on the first child node key, the root node, the first child node, and the second child node of the marker node;
the generating unit is further configured to generate the subkey for the marker node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marker node.
With reference to the tenth aspect or the first possible implementation manner of the tenth aspect, in a third possible implementation manner of the tenth aspect, for each marker node,
the generating unit is configured to generate a second child node key for a second child node based on the aggregation key, the root node, the first child node of the marker node, and the second child node of the marker node;
the generating unit is further configured to generate the subkey for the marker node based on the second subnode key, the root node, the first subnode, the second subnode, and a third subnode of the marker node.
With reference to the tenth aspect or the first possible implementation manner of the tenth aspect, in a fourth possible implementation manner of the tenth aspect, for each marker node,
the generation unit is further configured to generate the subkey for the marker node based on the aggregate key, the root node, the first child node of the marker node, the second child node of the marker node, and the third child node of the marker node.
With reference to the tenth aspect, the first possible implementation manner of the tenth aspect, the second possible implementation manner of the tenth aspect, the third possible implementation manner of the tenth aspect or the fourth possible implementation manner of the tenth aspect, in a fifth possible implementation manner of the tenth aspect,
the mobile device further comprises a retrieval unit and an encryption unit;
the retrieval unit is used for retrieving a shared secret from the vehicle-mounted device, the vehicle-mounted device thereby learning the shared secret;
the encryption unit is used for encrypting the shared secret and transmitting the encrypted shared secret to the vehicle-mounted device so as to negotiate a shared encryption key for establishing secure communication between the mobile device and the vehicle-mounted device.
With reference to the fifth possible implementation manner of the tenth aspect, in a sixth possible implementation manner of the tenth aspect,
the generating unit is used for: upon receiving a request to obtain the aggregation key for the common set of children, the aggregation key is generated for the common set of children based on the root key and the hierarchical relationship of children in the common set of children.
With reference to the first possible implementation manner of the tenth aspect, in a seventh possible implementation manner of the tenth aspect, the large time unit includes a time unit that is greater than the small time unit.
Drawings
The above advantages and features according to the present invention are described in the following detailed description and are shown in the following drawings:
FIG. 1 illustrates a block diagram representation of a system for encrypting vehicle data and authorizing a service provider to access the encrypted data in a hierarchical manner in accordance with an embodiment of the present invention;
FIG. 2 shows a block diagram representing components in an electronic device or server for performing an embodiment in accordance with an embodiment of the present invention;
FIG. 3 illustrates a block diagram representation of modules included within a system for encrypting vehicle-mounted data and authorizing a service provider to access the encrypted data in a hierarchical manner in accordance with an embodiment of the present invention;
FIG. 4 shows a flow chart of a process for collecting and encrypting in-vehicle data in an in-vehicle module according to an embodiment of the invention;
FIG. 5 shows a flowchart of a process for decrypting selected encrypted vehicle-mounted data in a hierarchical manner in a service module according to an embodiment of the present invention.
Detailed Description
The present invention relates to a system and method for controlling access to encrypted vehicle data. Specifically, the system employs a hierarchical access control method such that an authorized user can access selected encrypted vehicle-mounted data stored in a cloud server in a hierarchical manner: once authorized for a selected piece of encrypted parent data, the user obtains the right to decrypt that parent data and all of the child data associated with it, by autonomously deriving the child encryption keys for the child data.
Those skilled in the art will recognize that many of the functional units in the specification have been labeled as modules. Those skilled in the art will also recognize that a particular implementation of a module may be a circuit, a logic chip, or any kind of discrete device. Furthermore, those skilled in the art will also recognize that modules may also be implemented in software for execution by various types of processors. In embodiments of the invention, a module may also include computer instructions or executable code that may instruct a computer processor to complete a series of events based on the received instructions. The choice of how a module is implemented is a matter of design left to the person skilled in the art and does not in any way limit the scope of the invention.
Fig. 1 illustrates a system 100 for encrypting on-board data of an intelligent vehicle and authorizing a service provider to access the encrypted data in a hierarchical manner in accordance with an embodiment of the present invention. The system 100 shown in fig. 1 includes a cloud server 105, a service module 110, a mobile module 115, and an in-vehicle module 120 that are connected to each other by wireless means. These modules are used to wirelessly communicate with each other over the internet or a wireless network including, but not limited to, a cellular network, satellite network, telecommunications network, or wide area network (Wide Area Network, WAN). In addition to the above, the in-vehicle module 120 is further configured to communicate directly with the mobile module 115 when the mobile module 115 is in close physical proximity to the in-vehicle module 120, where the short-range wireless communication may be implemented by wireless means including, but not limited to, Wireless-Fidelity (Wi-Fi), Bluetooth, or near field communication (Near Field Communication, NFC).
Cloud server 105 may include a secure cloud server or a remote secure server capable of wireless communication with the various modules of system 100. The primary function of the cloud server 105 is to act as a secure database for encrypted data storage. Accordingly, the cloud server 105 does not necessarily have to configure an encryption or decryption module.
The mobile module 115 and the service module 110 may each include, but are not limited to, an electronic module disposed in any device capable of performing wireless communication and computing functions, such as a smart phone, tablet, mobile computer, notebook, or a wearable electronic device such as a smart watch. The mobile module 115 may be disposed in any electronic device owned by the owner or authorized user of the intelligent vehicle, while the service module 110 may be disposed in any electronic device owned by an authorized third party service provider, such as the tablet of a car repair shop mechanic or the smart mobile device of a parking lot attendant.
The on-board module 120 may be provided in a command and control unit of the intelligent vehicle, which is connected to a plurality of electronic systems. These electronic systems perform the intelligent functions of the intelligent vehicle, such as sensing the surrounding environment of the vehicle, or activating and deactivating the vehicle engine or entertainment systems, so as to control the vehicle autonomously in a predictive or adaptive manner in response to detected actions and available data. In many cases, these intelligent systems comprise at least sensors for signal acquisition, elements for transmitting collected and/or received data to the command and control unit of the vehicle, components for transmitting decisions and instructions, and actuators for performing or triggering specified actions.
Fig. 2 shows a block diagram representing components of an electronic device 200 provided within modules 110, 115, and 120 for performing an embodiment in accordance with an embodiment of the present invention. These components may also be provided on a controller connected to cloud server 105. Those skilled in the art will recognize that the exact configuration of each electronic device disposed within each module or controller may vary, as may the exact configuration of electronic device 200, the layout and configuration shown in fig. 2 being provided as an example only.
In an embodiment of the present invention, the device 200 includes a controller 201 and a user interface 202. The user achieves manual interaction with the electronic device 200 through the user interface 202, which thus contains input/output components for the user to input instructions for controlling the electronic device 200. Those skilled in the art will recognize that the components of the user interface 202 may vary from one embodiment to another, but generally include one or more of a display 240, a keyboard 235, and a trackpad 236.
The controller 201 is in data communication with the user interface 202 via a bus 215, and includes a memory 220, a Central Processing Unit (CPU) 205 mounted on a circuit board for processing instructions and data associated with the present embodiment, an operating system 206, an input/output (I/O) interface 230 for communicating with the user interface 202, and a communication interface, which in the present embodiment is presented in the form of a network card 250. The network card 250 may facilitate the electronic device 200 in transmitting/receiving data or the like via a wired or wireless network. The network card 250 is suitable for, but not limited to, the following wireless networks: wireless-Fidelity (Wi-Fi), bluetooth, near field communication (Near Field Communication, NFC), cellular networks, satellite networks, telecommunication networks, wide area networks (Wide Area Network, WAN), and the like.
The memory 220 and the operating system 206 are in data communication with the CPU 205 via the bus 210. The memory 220 comprises both volatile and nonvolatile memory and includes a random access memory (Random Access Memory, RAM) 223, a read only memory (ROM) 225, and a mass storage device 245, wherein the mass storage device 245 contains one or more solid state drives (SSDs). The memory 220 also includes a secure memory 246 for securely storing private encryption keys, such as root keys and/or private keys. It should be noted that the content in secure memory 246 is only authorized for access by a super user or administrator of device 200, and not by any other user of device 200. Those skilled in the art will recognize that the memory described above comprises non-transitory computer-readable media, and thus can be understood to include all computer-readable media except transitory propagating signals. Typically, the instructions are stored in memory in the form of program code, but hardwired instructions may also be used. Memory 220 may include a kernel and/or programming modules, such as a software application, which may be stored in volatile or nonvolatile memory.
It should be noted that the term "CPU" generally refers to any device or component capable of processing similar instructions, such as a microprocessor, microcontroller, programmable logic device, or other computing device. Thus, the CPU 205 may be any logic circuit capable of receiving signals, performing signal processing according to instructions in memory, and outputting signals (e.g., to a memory component or display 240). In this embodiment, the CPU 205 may be a single-core or multi-core processor with addressing space. In one example, the CPU 205 has multiple cores, such as an 8-core CPU.
Fig. 3 shows the individual components provided in the modules of the system 100 according to an embodiment of the invention. As described above, the in-vehicle module 120 may be provided in a command and control unit of the intelligent vehicle. With the use of intelligent vehicles, electronic systems in intelligent vehicles will begin to accumulate various data logs. For example, data that may be collected includes, but is not limited to, vehicle engine related data such as revolutions per second of the vehicle engine, speed of the vehicle, GPS location of the vehicle, tire pressure of the vehicle, fuel consumption of the vehicle, engine temperature of the vehicle, brake fluid level of the vehicle, battery level of the vehicle, images captured by a vehicle camera, and the like.
All collected data logs will be marked with a time element at preset time intervals, which represents the marked time of the data or the average time of collecting the data. The preset time interval may represent a 24 hour period, a 7 day period, a one month period, or any other period and is left to the discretion of the person skilled in the art as a design choice. Each time element may be represented using any hierarchical time format, such as "year, month, week, day", "year, month, week", "year, month", or any combination of such hierarchical time formats, provided that at least two time units are included in the format. The two time units include a large time unit and a small time unit, the large time unit representing a time unit greater than the small time unit. For example, the hierarchical time format "year, month" may be used as a time element, as "year" represents a large time unit and "month" represents a small time unit. In yet another example, the hierarchical time format "year, month, week, day" may be divided into one large unit of time denoted "year, month" and one small unit of time denoted "week, day". Those skilled in the art will recognize that large time units may comprise any time format combination, as long as the large time units represent time units that are greater than the small time units. The hierarchical time format may also be represented as a tree of nodes, where the root node on the tree represents the largest time unit in the hierarchical time format, and the child nodes of the tree represent smaller time units. For example, when the hierarchical time format "year, month, week" is represented as a node tree structure, "year" may be represented by a root node, "month" may be represented by a branch child node of the root node, and "week" may be represented by a branch child node of the "month" child node. The further a child node is from the root node (at the top of the tree), the lower that child node is located in the tree.
When the collected data is marked with a time element, the type or category of the data is appended to the time element, thereby constituting an "identity" in the format "vehicle.classification.time element", which is similar to the format of nodes on a node tree structure. In this format, "vehicle" represents the source vehicle that collects the data, "classification" represents the category or type of the marked data, and "time element" represents the marked time of the data. Those skilled in the art will recognize that the root node of the node tree structure in this example may be "vehicle", in that all collected data is related to the vehicle, while the "classification" branch represents child nodes extending downward from the root node and the "time element" branch represents grandchild nodes extending downward from the child nodes; a node possessing this identity may then be categorized as a "vehicle.classification.time element" node on the node tree structure.
For example, suppose that engine speed related data for a vehicle is collected. The data is tagged with the identity "vehicle.engine speed.2016.06", represented by a node on the node tree structure, where "vehicle" represents the root node, "engine speed" represents the "classification" branch, and "2016.06" (in the "year, month" format, for example) represents the time at which the data is tagged, the time element branch being in a hierarchical time format. In this example, the "classification" branch "engine speed" is appended to the time element to make up the identity. Those skilled in the art will recognize that this process may be repeated for all types of classifications depending on the type of data collected by the vehicle's electronic systems. Those skilled in the art will recognize that a "classification" branch may be appended to a time element having any type of hierarchical time format, such as "year, month, week, day", "year, month, week", "year, month", or any combination of such hierarchical formats, provided that the time format includes at least two of the above time units.
The root key module 305 will generate a master or root key for a hierarchical identity-based encryption (Hierarchical Identity Based Encryption, HIBE) scheme before encrypting any data logs. The root key is associated with the root node, which in the above example is the source vehicle that collects the data. This root key is stored in a secure memory within the root key module 305 and is then used to obtain a private data key or subkey to encrypt the collected data log. The HIBE scheme is an asymmetric encryption scheme employing a customized hierarchical node tree structure. The node tree structure may be visualized as a tree with root-parent-child-grandchild etc. nodes extending (or expanding) downward from a single root node. In this description, those skilled in the art will recognize that a first child node on the tree structure refers to a child node that is located at the highest point (i.e., closest to the root node) of the tree structure, while a second child node on the tree structure refers to a child node that extends downward from the first child node, i.e., below the first child node, and a third child node on the tree structure refers to a child node that extends downward from the second child node, i.e., below the second child node. Those skilled in the art will also recognize that the larger the sequence number of a child node, the lower the position of that child node on the node tree structure. Further, references to nodes on a node tree structure refer to nodes that make up a hierarchy of child nodes. For example, a node at the third child node layer may include a root node, a first child node, a second child node, and a third child node (i.e., root.first.second.third). As another example, a node at the first child node level may include a root node and a first child node (i.e., root.first).
In summary, for the encryption process, the data or plaintext associated with each node on the tree structure is encrypted using a corresponding sub-key, wherein each corresponding sub-key is generated based on the node's associated identity (or the node's location on the node tree structure) and the sub-key of the node above it. For the decryption flow, the root key is used to obtain the parent key to decrypt the associated parent file and/or the associated ciphertext. The parent key may then be used to obtain the child keys of nodes located lower in the tree structure. The associated child files are then decrypted using these child keys. The process may thereafter be repeated to decrypt files associated with nodes located lower in the tree structure.
It should be noted that this HIBE scheme only allows the downward decryption flow but not the upward decryption flow. This means that a child key cannot be used to decrypt an encrypted file that was encrypted using the private data key associated with the parent node identity. That is, the private data key belonging to a lower node cannot be used to decrypt an encrypted file belonging to a higher node, i.e., a node closer to the root node. For example, the identity of a professor may be written as "university.college.department.name", where the identity associated with the root of the tree structure is "university". The university may hold a root key that can be used to obtain keys (i.e., subkeys) for all university staff, including the colleges and their departments, while the dean of a college may obtain subkeys for all persons in that college, including the department head (i.e., a lower node in the tree), who in turn may obtain subkeys for all professors in that department. However, an ordinary professor of the department (possessing the "university.college.department.name" identity) cannot use the subkey associated with that identity to decrypt material encrypted by the head of the department. This is because the department head encrypts material using a data key generated based on the "university.college.department" identity, and the department head is located at a higher node in the tree structure than the professor's node (i.e., the professor owns the child key and the department head owns the parent key). Thus, subkeys belonging to lower nodes on the tree structure (i.e., the professor's key) cannot be used to decrypt material encrypted using the identity associated with a higher node (i.e., the identity of the department head).
A detailed explanation of the manner in which the HIBE scheme works, as known to those skilled in the art, can be found in the publication "constant ciphertext size identity-based hierarchical encryption (Hierarchical Identity Based Encryption with Constant Size Ciphertext)".
Returning to the example shown in fig. 3, at preset time intervals, the data associated with a classification element is tagged with that classification element and a time element to form an identity. By default, it should be understood that the vehicle element, which is the root node, is always included in the identity as the root. To put it briefly: the identity includes a vehicle element (i.e., root node), a classification element representing the data type, and a time element representing the time at which the data is tagged with the identity. The identity and the data log it marks are then provided to the encryption and upload module 310. The module 310 will then encrypt each data log using the corresponding sub-key, each generated based on the tag identity of the data log and the previously generated root key.
It can also be said that each corresponding subkey can be generated based on the root key and the marker node of each data log. To put it briefly: each identity may be represented as a node on a node tree structure. Thus, to generate the corresponding subkey for a node (or identity) on the node tree, the child nodes that make up the node marking the data log are first determined. The root key is then used to compute the sub-keys from the top of the hierarchy downward. For example, the child nodes of a node that marks a data log may include a first child node, a second child node, and a third child node. In this example, the root key, the root node, and the first child node of the node will first be used to generate the first child node key. Once completed, a second child node key will be generated for the second child node using the first child node key together with the second child node, the first child node, and the root node. Finally, the subkey for the node is generated using the third child node, the second child node, the first child node, the root node, and the second child node key.
The encryption and upload module 310 then uploads the encrypted data and its respective tag identity (node) to the cloud server 105. It is important to note at this stage that the terms identity and node are used interchangeably throughout this description without departing from the present invention. If the in-vehicle module 120 cannot establish a wireless connection with the cloud server 105 at this stage, the in-vehicle module 120 may store the material ready for uploading until a wireless connection with the cloud server 105 is established. Once the wireless connection is established, the material may be uploaded to cloud server 105.
For example, at the preset time intervals, a first identity may be formed by marking the associated data log with an identity or node comprising "vehicle.engine speed.2016.01.01", and a second identity may be formed by marking the associated data log with an identity or node comprising "vehicle.battery power.2016.01.01". At this stage it is necessary to reiterate that for the structure of the first identity or node, the root node is "vehicle", the first child node is "engine speed", the second child node is "2016.01" (a time unit larger than that of the third child node), and the third child node is "01".
The two identities and their marked data logs are then transmitted to the encryption and upload module 310. Module 310 generates a subkey associated with the first identity (i.e., "vehicle.engine speed.2016.01.01") using the first identity and the previously generated root key. This subkey is then used to encrypt the data log marked with the first identity. The generation process of the subkey of the first identity is as follows: the first child node key is first generated using the root key and "vehicle.engine speed". Once completed, the second child node key is generated using the first child node key and "vehicle.engine speed.2016.01". Finally, the subkey for the first identity is generated using "vehicle.engine speed.2016.01.01" and the second child node key.
Similarly, module 310 will generate a subkey associated with the second identity (i.e., "vehicle.battery power.2016.01.01") using the second identity and the previously generated root key. This subkey associated with the second identity is then used to encrypt the data log marked with the second identity.
In embodiments of the present invention, the encryption flow of the associated data log may be performed by a standard HIBE encryption function, such as Encrypt(ChildKey[vehicle.engine_speed.2016.01.01], DataLog). The encrypted data log and its respective tag identity may then be uploaded from module 310 to cloud server 105. Cloud server 105 will receive the encrypted data and its tag identity and store all received material in database 330, which includes secure memory located within the secure server.
In this example embodiment, it is assumed that the subject vehicle has mounted an in-vehicle module 120. When a third party service provider wants to obtain specific data (for a specific period of time) of a vehicle to perform various processes or maintenance works, the third party service provider will use the service module 110 to perform the data decryption process. The authentication and service module 340 provided within the service module 110 will identify the data to be decrypted based on the tagged identity or node of the data stored in the cloud server 105. Specifically, the module 340 will select an identity or node of the vehicle having the required classification element and a time element (having at least one large time unit and one small time unit) that falls within the required time period. That is, module 340 may send a request to cloud server 105 containing the particular time period required, requesting encrypted vehicle data with nodes within that time period.
Upon receipt of the retrieval request, cloud server 105 will retrieve all encrypted vehicle-mounted data that is tagged with nodes or identities that fall within the time period specified by the retrieval request. Cloud server 105 then transmits the retrieved encrypted vehicle data (tagged with identities that fall within the required time period) to module 340. It should be reiterated at this stage that each identity corresponds to a node on the node tree. This then means that identities falling within the required time period will all have one common node on the node tree. In this example, the identities {"vehicle.speed.2016.02.01" to "vehicle.speed.2016.02.28"} all share the common node "vehicle.speed.2016.02".
From the received node or the received identity, the module 340 will identify a set of child nodes that are common to the received node. The module 340 then requests the aggregation key corresponding to this common identity or common set of child nodes from the in-vehicle module 120. It should be noted that the request contains the determined common identity or common node.
For example, module 340 may identify that the received node has a large unit of time in common for all received nodes. The large time unit is then used to identify the common set of child nodes. Then, the common child node group including only the root node, the classification element (first child node), and the identified common large time unit (second child node) is transmitted to the cloud server 105 as part of the aggregate key request.
In a more detailed example, assume that module 340 has retrieved encrypted data regarding vehicle speed for a period of time covering the whole month of February 2016: {"vehicle.speed.2016.02.01" to "vehicle.speed.2016.02.28"}. The large time unit common to all identities in the retrieved set of identities, or to the time period to which the selected identities belong, is "2016.02", representing year and month. That is, the common set of child nodes in this example is "vehicle.speed.2016.02". For completeness, it is noted that in this example a small time unit represents a day. The aggregate key request with the common child node group "vehicle.speed.2016.02" is then transmitted to the on-board module 120.
An authentication module 315 disposed within the in-vehicle module 120 receives the request with the common child node group. The authentication module 315 will analyze the request and then generate an aggregate key for the common set of child nodes based on the root key and the hierarchical relationship of the child nodes in the common set according to the HIBE scheme. Once the aggregate key for the common set of child nodes is generated, the aggregate key is transmitted from the in-vehicle module 120 to the service module 110.
For the above example, the common child node group is "vehicle.speed.2016.02". The root key and "vehicle.speed" are then used to generate first the sub-key kspeed associated with the highest non-root node, i.e., "speed". The sub-key kspeed is then used with "vehicle.speed.2016" to generate the sub-key kspeed.2016 for the next lower node, i.e., "2016". Then, the sub-key kspeed.2016.02 is generated for the next lower node "02" using the sub-key kspeed.2016 and "vehicle.speed.2016.02". Thereafter, the aggregate key kspeed.2016.02 of the common set of child nodes "vehicle.speed.2016.02" is transmitted from the on-board module 120 to the service module 110.
The authentication and service module 340 then receives and stores the aggregated key from the authentication module 315. The module 340 in turn obtains the sub-keys of the nodes using the received aggregate key and the retrieved tagged identities or nodes of each piece of encrypted vehicle data to decrypt each data log attached to each identity or node. The decrypted data log is then analyzed to obtain vehicle-related diagnostic data.
Returning to the previous example, for the set of identities {"vehicle.speed.2016.02.01" to "vehicle.speed.2016.02.28"}, this means that module 340 may use the aggregate key kspeed.2016.02 to generate all subkeys for the identities or nodes contained within the time period, where the aggregate key and the associated identity or node are used to generate the subkey for each identity in the set. In this example, this means that the following subkeys will be generated using the aggregation key and its associated identity or node: "kspeed.2016.02.01", "kspeed.2016.02.02", ..., "kspeed.2016.02.27", "kspeed.2016.02.28". Each data log tagged with each unique identity or node in the set may then be decrypted using the respective subkey.
However, if the module 340 were to obtain vehicle-related specific data, the module 340 would identify the specific data to be decrypted based on the tag identity of the data stored in the cloud server 105. In this embodiment, the module 340 will select a particular identity with the required taxonomy and time elements, or, as it were, the module 340 will select a particular node on the node tree to decrypt. The module 340 will then transmit a particular subkey request to the in-vehicle module 120, which request may include a particular identity or a particular node.
For example, assume that module 340 is to obtain specific data tagged with the following identity set: {"vehicle.speed.2016.02.01", "vehicle.speed.2016.02.02", "vehicle.speed.2016.02.03", "vehicle.speed.2016.02.04", "vehicle.speed.2016.02.06"}. These particular identities are then transmitted in a request to the in-vehicle module 120, and the step of determining the common node or common identity as described above is omitted.
An authentication module 315 disposed within the in-vehicle module 120 receives the request and the particular identity or node. The authentication module 315 will analyze the decryption request and generate a subkey for each received identity using the previously generated root key and the HIBE scheme. Once the subkey for a particular identity or node is generated, the subkey is transmitted from the in-vehicle module 120 to the service module 110. For the above example, the identities provided may include {"vehicle.speed.2016.02.01", "vehicle.speed.2016.02.02", "vehicle.speed.2016.02.03", "vehicle.speed.2016.02.04", "vehicle.speed.2016.02.06"}. Then, the root key will be used first to generate the subkey kspeed associated with the highest non-root node, i.e., "speed". The sub-key kspeed is then used to generate the sub-key kspeed.2016 for the next lower node, "2016". Then, the sub-key kspeed.2016.02 is generated for the next lower node "02". The sub-keys kspeed.2016.02.01, kspeed.2016.02.02, kspeed.2016.02.03, kspeed.2016.02.04, and kspeed.2016.02.06 are then generated for the next lower nodes, namely "01, 02, 03, 04, and 06", using the sub-key kspeed.2016.02. The sub-keys kspeed.2016.02.01, kspeed.2016.02.02, kspeed.2016.02.03, kspeed.2016.02.04, and kspeed.2016.02.06 are then transmitted from the in-vehicle module 120 to the service module 110.
The authentication and service module 340 will receive and store the subkey for the particular identity from the authentication module 315. Each data log with each identity attached is then decrypted using the subkey and each unique identity or node. The decrypted data log is then analyzed to obtain vehicle-related diagnostic data.
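The key derivation chain described above (root key to "speed" to "2016" to "02" to the daily leaves), the aggregate-key flow and the specific-subkey flow, as an added worked example that is not part of the patent. HMAC-based key derivation stands in for the pairing-based HIBE scheme: it reproduces the downward-only derivation and the scoping of an aggregate key to one subtree, but not HIBE's public-key encryption. The root key, the log contents and the encrypt-then-MAC construction are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample root key (the real one lives in the vehicle's secure memory).
ROOT_KEY = hashlib.sha256(b"example-root-key-not-a-real-secret").digest()


def derive_child(parent_key: bytes, label: str) -> bytes:
    """One downward step of the hierarchy: HMAC(parent key, label).
    HMAC is one-way, so a child key reveals nothing about its parent, which
    models the downward-only property of the HIBE scheme."""
    return hmac.new(parent_key, label.encode(), hashlib.sha256).digest()


def derive_key(start_key: bytes, start_node: str, target_node: str) -> bytes:
    """Derive the key of target_node from the key held for start_node by walking
    down the dotted identity path, e.g. from the aggregate key of
    "vehicle.speed.2016.02" to the leaf "vehicle.speed.2016.02.17".
    Refuses any target that is not at or below start_node."""
    start = start_node.split(".")
    target = target_node.split(".")
    if target[: len(start)] != start:
        raise ValueError(f"{target_node!r} is not below {start_node!r}")
    key = start_key
    for depth in range(len(start), len(target)):
        # each step is labelled with the full path so far, mirroring the
        # "root node, first child, second child, ..." inputs of the text
        key = derive_child(key, ".".join(target[: depth + 1]))
    return key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in PRF-based stream cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt_log(node_key: bytes, node: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC a data log under the sub-key of its identity; stands in
    for the page's Encrypt(ChildKey[identity], DataLog)."""
    enc_key = derive_child(node_key, "enc")  # dot-free labels cannot collide
    mac_key = derive_child(node_key, "mac")  # with identity paths below a node
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, node.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_log(node_key: bytes, node: str, blob: bytes) -> bytes:
    """Verify the tag (which binds the ciphertext to its identity) and decrypt.
    A key for any other node fails the tag check instead of yielding garbage."""
    if len(blob) < 12 + 32:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    enc_key = derive_child(node_key, "enc")
    mac_key = derive_child(node_key, "mac")
    expected = hmac.new(mac_key, node.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError(f"authentication failed for {node}")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo() -> dict:
    """In-vehicle side encrypts one speed log per day of February 2016; the
    service module receives only the aggregate key kspeed.2016.02 and decrypts
    all of them, but cannot reach other months or classifications."""
    stored = {}  # what cloud server 105 holds: identity -> encrypted log
    for day in range(1, 29):
        node = f"vehicle.speed.2016.02.{day:02d}"
        stored[node] = encrypt_log(derive_key(ROOT_KEY, "vehicle", node), node,
                                   f"speed log (constructed) {day}".encode())
    # authentication module 315 answers the aggregate key request
    aggregate = derive_key(ROOT_KEY, "vehicle", "vehicle.speed.2016.02")
    # module 340 derives each leaf sub-key from the aggregate key and decrypts
    logs = {node: decrypt_log(derive_key(aggregate, "vehicle.speed.2016.02", node), node, blob)
            for node, blob in stored.items()}
    out_of_scope = []
    for node in ("vehicle.speed.2016.01.31", "vehicle.battery.2016.02.01", "vehicle.speed"):
        try:
            derive_key(aggregate, "vehicle.speed.2016.02", node)
        except ValueError:
            out_of_scope.append(node)
    return {"decrypted": len(logs), "first": logs["vehicle.speed.2016.02.01"],
            "out_of_scope": out_of_scope}
```

The specific-subkey flow is the same derive_key call made from the root key for each requested identity, as the vehicle does when encrypting.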
For completeness, it is noted that if module 340 were to request encrypted data associated with two different sets of identities (i.e., the classification branches include two types, such as speed and battery), then service module 110 may be caused to transmit a request to in-vehicle module 120 to obtain two aggregation keys and two sets of common child nodes. The authentication module 315 will then analyze the request and generate two unique aggregate keys for the two sets of common child nodes using the method described above. Once the aggregate key for the two common sub-node groups is generated, the aggregate key is transmitted from the in-vehicle module 120 to the service module 110.
The module 340 will perform a similar decryption procedure wherein for a first set of selected identities, the module 340 will obtain the sub-key for each data log in this first set using the first aggregate key and the retrieved tagged identity or node for each encrypted data, and for a second set of selected identities, the module 340 will obtain the sub-key for each data log in this second set using the second aggregate key and the retrieved tagged identity for each data log. And then decrypting the corresponding marked data log using each of the obtained subkeys.
In yet another embodiment of the invention, the user of the vehicle may need to manage the release of private keys using his mobile device, which may be done by the mobile module 115. The mobile module 115 is provided in the user's mobile device and includes an authentication module 350, a management module 360, and an authentication module 355. In order for the mobile module 115 to issue an aggregate key or authentication code to a third party service provider, it is first necessary to copy the root key from the root key module 305 (provided in the in-vehicle module 120) to the mobile module 115. This may be accomplished through a password-authenticated key exchange (Password Authenticated Key Exchange, PAKE) scheme. In the PAKE scheme, the authentication module 350 will first retrieve a preset shared secret that is known to both the mobile module 115 and the in-vehicle module 120. For example, the shared secret known to both the mobile module and the vehicle module may be a Quick Response (QR) code or a digital image. The mobile module 115 may display the QR code on a display screen of the mobile device, and a camera connected to the in-vehicle module 120 may capture the displayed QR code.
Authentication module 350 in mobile module 115 will then encrypt the shared secret using standard encryption methods. The encrypted shared secret is then transmitted from the mobile module 115 to the in-vehicle module 120 to negotiate a shared encryption key for establishing secure communications between the in-vehicle module 120 and the mobile module 115. Once completed, the root key from root key module 305 is encrypted using the shared encryption key. The encrypted root key is then transmitted to the mobile module 115 using a short-range wireless communication method, and then decrypted and stored in the authentication module 350.
Once the root key is stored in the authentication module 350, the authentication module 355, which works in conjunction with the authentication module 350, may perform the functions of the uploading and encrypting module 310 and the authentication module 315 provided within the in-vehicle module 120. That is, the request for acquisition of the aggregate key for a common set of child nodes may instead be received by the authentication module 355 provided within the mobile module 115. The authentication module 355 will analyze the request and generate an aggregate key using the root key, as described above. Once the aggregate key for the common child node group is generated, the aggregate key is transmitted from the mobile module 115 to the service module 110, and the decryption process may then proceed as described above.
In yet another embodiment of the present invention, a third party service provider may be required to control the vehicle for a period of time. For example, if the third party service provider is an automatic parking system, the third party service provider needs to obtain the required rights or privileges to control the vehicle. To this end, the user will need to grant the service provider limited privileges so that the service provider can issue commands to the vehicle for a fixed period of time. The grant of limited privileges is initiated when the management module 360 obtains a signing key for a particular privilege using the root key stored in the authentication module 350. The classification element and the expiration time of the privilege are indicated in the key. For example, suppose that the signing key includes "autopilot.2016.11.03.02.7pm". The signing key is sent from module 360 to service module 110 via mobile module 115. The service module 110 may then use the signing key to control the desired vehicle characteristics. To this end, the signing key may be transmitted from the service module 110 to the in-vehicle module 120, where the authentication module 315 will verify the validity of the signing key using the root key stored in the root key module 305. If the authentication module 315 determines that the signing key was indeed issued under the same root key, the authentication module forwards the command contained in the signing key to the control module 320. The control module 320 will then cause the appropriate electronic system in the vehicle to execute the command.
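As an added example (not the patent's own code), the time-limited privilege grant described above, with the signing key modelled as an HMAC-SHA256 tag over the privilege and its expiry computed under the root key; the primitive, the ISO-style expiry string and all function and field names are assumptions, since the patent does not fix them.

```python
import hashlib
import hmac
from datetime import datetime


def issue_signing_key(root_key: bytes, privilege: str, expires_at: str) -> dict:
    # Management module 360: bind the classification element (privilege) and the
    # expiry into a tag computed under the root key, e.g. "autopilot.2016-11-03T19:00".
    label = f"{privilege}.{expires_at}".encode()
    tag = hmac.new(root_key, label, hashlib.sha256).hexdigest()
    return {"privilege": privilege, "expires_at": expires_at, "tag": tag}


def verify_signing_key(root_key: bytes, key: dict, command: dict, now: datetime) -> tuple:
    # Authentication module 315: forward the command only if the key was issued under
    # this root key, has not expired, and the command falls within the privilege.
    label = f"{key['privilege']}.{key['expires_at']}".encode()
    expected = hmac.new(root_key, label, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, key["tag"]):
        return False, "signing key was not issued under this root key"
    if now >= datetime.fromisoformat(key["expires_at"]):
        return False, "privilege has expired"
    if command["class"] != key["privilege"]:
        return False, "command is outside the granted privilege"
    return True, "forward command to control module 320"


def demo() -> tuple:
    # Constructed values: a root key and one autopilot grant valid until 19:00 on 2016-11-03.
    root_key = hashlib.sha256(b"constructed root key").digest()
    key = issue_signing_key(root_key, "autopilot", "2016-11-03T19:00")
    park = {"class": "autopilot", "action": "park"}
    unlock = {"class": "door_lock", "action": "unlock"}
    before, after = datetime(2016, 11, 3, 18, 30), datetime(2016, 11, 3, 19, 5)
    ok, _ = verify_signing_key(root_key, key, park, before)
    expired, _ = verify_signing_key(root_key, key, park, after)
    wrong_class, _ = verify_signing_key(root_key, key, unlock, before)
    forged = dict(key, privilege="door_lock")  # privilege edited, tag not re-issued
    forged_ok, _ = verify_signing_key(root_key, forged, unlock, before)
    return ok, expired, wrong_class, forged_ok
```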
According to an embodiment of the present invention, there is provided a method for controlling access to vehicle-mounted data of a vehicle, wherein the vehicle-mounted data is collected and marked with nodes on a node tree structure, and is encrypted by a vehicle-mounted module provided in the vehicle and stored on a cloud server. The method is performed by a service device or a mobile module and comprises the following five steps:
step 1, sending a request to a cloud server, wherein the request comprises a time period, and the cloud server searches encrypted vehicle-mounted data with a marking node corresponding to the time period when receiving the request;
step 2, receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure;
step 3, determining a group of child nodes shared by the marking nodes of the received encrypted vehicle-mounted data;
step 4, requesting an aggregation key for the shared sub-node group;
step 5, generating a subkey for each piece of received encrypted vehicle-mounted data based on the requested aggregate key and the received marking node of each piece of encrypted vehicle-mounted data, wherein each generated subkey is used for decrypting the corresponding encrypted vehicle-mounted data.
To provide such a system or method, a process is required to generate an aggregate key, from which the subkeys are calculated in order to decrypt the ciphertext that was encrypted using those subkeys. The following description, together with Figs. 4 and 5, describes embodiments of this process according to the present invention.
Fig. 4 shows a flow 400 performed by an on-board module to encrypt a tagged data log and obtain a private key. The process 400 starts at step 400: the on-board module collects data logs from various electronic systems provided in the intelligent vehicle. The process 400 then marks the collected data logs with their respective identities, each of which includes a "root" branch, a "sort" branch, and a "time" branch in the form of a node tree structure, at step 405. The "sort" branch represents the type or class of data log collected, such as vehicle speed, tank level, etc., while the "time" branch represents the time to tag the data log with an identity or the average time to collect data. The "root" branch is associated with the name or identification of the source vehicle from which the data was collected. It should be noted that step 405 may occur at preset time intervals, and the specific time intervals are determined by those skilled in the art as design options.
Flow 400 obtains a root key for the HIBE scheme at step 410. The root key is associated with the vehicle. The process 400 then selects a unique identity and its marked data log at step 415. At step 425, the process 400 encrypts the data log marked with the selected identity using the root key and the subkey calculated for the selected identity based on the HIBE scheme. The process 400 determines at step 430 whether there is another unique identity with a marked data log still to be selected by the process 400. If the flow 400 determines that such another unique identity exists, the flow 400 proceeds to step 435, where the flow 400 selects the next unique identity and its marked data log. The flow 400 then returns to step 425 to calculate the subkey for the selected identity and encrypt the marked data log using the root key and the HIBE scheme, and the flow 400 repeats steps 430 through 435 until the flow 400 has processed all the data logs marked with unique identities, i.e., until all the data logs have been encrypted.
Flow 400 then proceeds from step 430 to step 440: transmitting the encrypted vehicle-mounted data and their corresponding identities from the vehicle-mounted module to the cloud server. Once completed, the process 400 will remain in idle mode at step 445 awaiting receipt of a request to generate an aggregate key. If flow 400 receives a request to generate an aggregate key at step 445, flow 400 proceeds to step 450: the root key and the common set of child nodes (or a particular identity/node) are used to generate an aggregate key for the common set of child nodes (or a particular subkey for the particular identity). The process 400 then transmits the aggregate key to the source that originated the request and returns to idle mode at step 445.
Fig. 5 illustrates a flow 500 performed by a service module to obtain an aggregate key for decrypting a selected tagged encrypted data log. The flow 500 begins at step 505 where the flow 500 receives a command requesting to decrypt vehicle data tagged to a particular identity, each identity having a particular classification element/branch associated with a first node and having a particular time period associated with a second node, i.e., the identities having a first classification element and a first large time unit. Next, flow 500 requests an aggregate key associated with an identity, i.e., a common identity, having a particular classification element and corresponding to a particular time period. This request, which occurs at step 510, involves the following: flow 500 sends an aggregate key request and a common set of children including a first classification element and a first large time unit to a module (e.g., an in-vehicle module or a mobile module) that owns the HIBE scheme root key. Once the required aggregation key is obtained, flow 500 proceeds to step 515. In step 515, the on-vehicle data tagged to these identities or nodes having particular classification elements and corresponding to particular time periods and their tagged identities are retrieved from the cloud server. It should be noted that step 515 may occur before step 510, and the two steps may be interchanged.
Next, the process 500 selects one of the retrieved identities and tagged encrypted vehicle data from the retrieved collection of materials. This occurs at step 520. Next, the flow 500 goes to step 525 where in step 525, the flow 500 obtains a subkey for the selected identity using the selected identity and the aggregate key and HIBE scheme. The process 500 then decrypts the encrypted data log tagged to the selected identity using the obtained subkey at step 530.
The process 500 checks at step 535 whether there is another retrieved identity whose marked encrypted data log remains to be processed at steps 525 and 530. If flow 500 determines that another such identity exists, flow 500 proceeds to step 540: the next identity and its marked encrypted data log are selected. Flow 500 then proceeds to step 525, where flow 500 obtains another subkey for the selected identity using the selected identity, the aggregate key and the HIBE scheme. Next, the process 500 decrypts the encrypted data log tagged with the selected identity using the newly acquired subkey at step 530. Steps 525 through 535 are repeated until all retrieved identities and their marked encrypted data logs have been processed by steps 525 and 530. The flow 500 then ends.
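As an added worked example (not the patent's or Huawei's code), flows 400 and 500 and the five-step method above carried end to end, with HMAC-SHA256 key derivation standing in for the HIBE scheme: each node's key is derived from its parent's key and the full node path, which reproduces the delegation structure the claims describe (an aggregate key for a common prefix yields every subkey beneath it and nothing outside it) but not HIBE's public-key properties. The stand-in cipher, the module and function names, the identity layout (root, class, large time unit, small time unit) and the sample logs are constructed for this example.

```python
import hashlib
import hmac
import os

def derive_key(parent_key: bytes, path: tuple) -> bytes:
    # Key of a node = HMAC(key of its parent, full path root/.../node). Each level
    # depends on the previous level's key and every ancestor node, as in the claims,
    # so whoever holds a node's key can derive all keys beneath it.
    return hmac.new(parent_key, "/".join(path).encode(), hashlib.sha256).digest()

def walk_down(start_key: bytes, start_depth: int, identity: tuple) -> bytes:
    # From a key for the prefix identity[:start_depth], derive the key for the full
    # identity. start_depth=1 starts at the root key (the root node).
    key = start_key
    for depth in range(start_depth + 1, len(identity) + 1):
        key = derive_key(key, identity[:depth])
    return key

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    out = b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range(blocks))
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in AEAD (HMAC keystream, encrypt-then-MAC); a deployment would use a
    # standard AEAD such as AES-GCM. Output layout: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong subkey or tampered log")
    return bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))

def vehicle_encrypt_logs(root_key: bytes, vehicle: str, logs: list) -> list:
    # Flow 400 steps 405-440: tag each log with (root, class, large time, small time),
    # derive that identity's subkey from the root key, encrypt, and upload
    # (identity, ciphertext) to the cloud server.
    cloud = []
    for cls, large, small, payload in logs:
        identity = (vehicle, cls, large, small)
        cloud.append((identity, seal(walk_down(root_key, 1, identity), payload)))
    return cloud

def common_prefix(identities: list) -> tuple:
    # Step 3 of the method: the child nodes shared by all retrieved marker nodes.
    if not identities:
        return ()
    first, depth = identities[0], 0
    while depth < len(first) and all(i[: depth + 1] == first[: depth + 1] for i in identities):
        depth += 1
    return first[:depth]

def aggregate_key(root_key: bytes, common: tuple) -> bytes:
    # Flow 400 step 450: the root-key holder (in-vehicle or mobile module) derives the
    # aggregate key for the common node set; a single full identity yields its own subkey.
    return walk_down(root_key, 1, common)

def service_decrypt(entries: list, agg_key: bytes, common: tuple) -> list:
    # Flow 500 steps 520-540: derive each log's subkey from the aggregate key and
    # decrypt. Entries outside the common prefix are rejected up front.
    out = []
    for identity, blob in entries:
        if identity[: len(common)] != common:
            raise ValueError("identity outside the aggregate key's scope")
        out.append((identity, open_sealed(walk_down(agg_key, len(common), identity), blob)))
    return out

def demo():
    root_key = hashlib.sha256(b"constructed root key for VIN-EXAMPLE").digest()
    logs = [  # constructed sample logs: (class, large time unit, small time unit, payload)
        ("speed", "2016.11", "03.14:05", b"speed=62km/h"),
        ("speed", "2016.11", "03.14:10", b"speed=64km/h"),
        ("battery", "2016.11", "03.14:05", b"soc=81%"),
        ("speed", "2016.12", "01.09:00", b"speed=30km/h"),
    ]
    cloud = vehicle_encrypt_logs(root_key, "VIN-EXAMPLE", logs)
    # The service asks the cloud for November 2016 speed logs (steps 1-2)...
    wanted = [e for e in cloud if e[0][1] == "speed" and e[0][2] == "2016.11"]
    common = common_prefix([ident for ident, _ in wanted])          # step 3
    agg = aggregate_key(root_key, common)                            # step 4
    plain = [p for _, p in service_decrypt(wanted, agg, common)]     # step 5
    # ...and the same aggregate key cannot open a battery log of the same month:
    # the subkey derived from it is wrong, so the authentication check fails.
    battery_id, battery_blob = next(e for e in cloud if e[0][1] == "battery")
    try:
        open_sealed(walk_down(agg, len(common), battery_id), battery_blob)
        leaked = True
    except ValueError:
        leaked = False
    return common, plain, leaked
```

Requesting a narrower common set (for instance only the class node) yields an aggregate key that derives subkeys for every time unit beneath it, which is why the service should ask for the smallest prefix covering the logs it actually needs.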
The above is a description of embodiments of the system and process according to the invention as set forth in the appended claims. It is contemplated that other persons may or will design alternatives that fall within the scope of the appended claims.

Claims (33)

1. A system for controlling access to vehicle data, comprising:
an in-vehicle apparatus for:
collecting vehicle-mounted data of a vehicle, wherein each piece of vehicle-mounted data is marked with an identity, each identity is represented as a node on a node tree structure, and the node tree structure comprises a root node associated with the vehicle;
encrypting each piece of the collected vehicle-mounted data using a corresponding sub-key, wherein each corresponding sub-key is generated based on a marker node of each piece of the vehicle-mounted data and a root key corresponding to the root node;
transmitting the encrypted vehicle-mounted data and the marking node thereof to a cloud server;
the cloud server is used for:
receiving and storing the encrypted vehicle-mounted data and the marking node thereof;
service equipment for:
transmitting a request to the cloud server, wherein the request includes a time period, and the cloud server retrieves encrypted vehicle-mounted data having a marker node corresponding to the time period when the request is received;
receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure;
determining a set of child nodes common to the marker nodes of the received encrypted vehicle-mounted data;
requesting an aggregate key for the common set of child nodes;
generating a sub-key for each piece of received encrypted vehicle-mounted data based on the requested aggregate key and the received marking node for each piece of encrypted vehicle-mounted data, wherein each generated sub-key is used for decrypting the corresponding piece of encrypted vehicle-mounted data.
2. The system of claim 1, wherein the node tree structure further comprises a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit;
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
each identity is represented as a node on the node tree by:
determining class elements of the collected vehicle-mounted data;
acquiring current time comprising a large time unit and a small time unit;
and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
3. The system of claim 2, wherein the generating each corresponding subkey based on the marker node for each piece of vehicle-mounted data comprises:
determining a first child node, a second child node and a third child node of the marker node of each piece of the collected vehicle-mounted data, for each node:
generating a first child node key using the root key, the first child node, and the root node;
generating a second child node key using the first child node key, the second child node, the first child node, and the root node;
generating a sub-key using the third child node, the second child node, the first child node, the root node, and the second child node key.
4. A system according to any one of claims 1 to 3, further comprising a mobile device;
the mobile device is configured to:
retrieving a shared secret that is known to the vehicle-mounted device;
encrypting the shared secret and transmitting the encrypted shared secret to the vehicle-mounted device to negotiate a shared encryption key for establishing secure communications between the mobile device and the vehicle-mounted device;
the in-vehicle apparatus is configured to:
encrypting the root key using the shared encryption key;
transmitting the encrypted root key to the mobile device.
5. The system of claim 4, wherein the mobile device is configured to:
after receiving a request for acquiring the aggregation key of the common sub-node group, generating the aggregation key for the common sub-node group based on the root key and the hierarchical relationship of the sub-nodes in the common sub-node group;
transmitting the generated aggregate key to the service device.
6. The system according to claim 1, wherein the in-vehicle apparatus is configured to:
after receiving a request for acquiring the aggregation key of the common sub-node group, generating the aggregation key for the common sub-node group based on the root key and the hierarchical relationship of the sub-nodes in the common sub-node group;
transmitting the generated aggregate key to the service device.
7. A system according to claim 2 or 3, wherein the large time units comprise time units larger than the small time units.
8. An in-vehicle apparatus provided in a vehicle for generating encrypted in-vehicle data, the in-vehicle apparatus comprising:
a processor;
a non-transitory medium readable by the processor, the non-transitory medium storing instructions that, when executed by the processor, cause the processor to:
collecting vehicle-mounted data of the vehicle, wherein each piece of vehicle-mounted data is marked with an identity, each identity is represented as a node on a node tree structure, and the node tree structure comprises a root node associated with the vehicle;
encrypting each piece of the collected vehicle-mounted data using a corresponding sub-key, wherein each corresponding sub-key is generated based on a marker node of each piece of the vehicle-mounted data and a root key corresponding to the root node;
and transmitting the encrypted vehicle-mounted data and the marking node thereof to a cloud server.
9. The vehicle-mounted device of claim 8, wherein the node tree structure further comprises a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit;
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
the instructions for instructing the processor to represent each identity as a node on the node tree structure further comprise: for each identity, instructions for instructing the processor to:
determining class elements of the collected vehicle-mounted data;
acquiring current time comprising a large time unit and a small time unit;
and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
10. The in-vehicle apparatus of claim 8, wherein the instructions for instructing the processor to generate each corresponding subkey based on the marker node for each piece of in-vehicle data comprise:
instructions for instructing the processor to:
for each marked node, determining a first child node of the marked node, a second child node of the marked node and a third child node of the marked node,
generating a first child node key using the root key, the first child node, and the root node;
generating a second child node key using the first child node key, the second child node, the first child node, and the root node;
generating a sub-key using the third child node, the second child node, the first child node, the root node, and the second child node key.
11. The in-vehicle apparatus according to any one of claims 8 to 10, further comprising:
instructions for instructing the processor to:
after receiving a request for acquiring an aggregation key of a common child node group, generating the aggregation key for the common child node group based on the root key and the hierarchical relationship of the child nodes in the common child node group;
transmitting the generated aggregation key to a service device.
12. The in-vehicle apparatus according to claim 9, wherein the large time unit includes a time unit larger than the small time unit.
13. An apparatus for controlling access to vehicle-mounted data of a vehicle, wherein the vehicle-mounted data is collected and marked with nodes on a node tree structure, the vehicle-mounted data is encrypted by a vehicle-mounted apparatus provided in the vehicle and stored on a cloud server, the apparatus is a service apparatus or a mobile apparatus, the apparatus comprising:
a processor;
a non-transitory medium readable by the processor, the non-transitory medium storing instructions that, when executed by the processor, cause the processor to:
transmitting a request to the cloud server, wherein the request includes a time period, and the cloud server retrieves encrypted vehicle-mounted data having a marker node corresponding to the time period when the request is received;
receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure;
determining a set of child nodes common to the marker nodes of the received encrypted vehicle-mounted data;
requesting an aggregate key for the common set of child nodes;
generating a sub-key for each piece of received encrypted vehicle-mounted data based on the requested aggregate key and the received marking node for each piece of encrypted vehicle-mounted data, wherein each generated sub-key is used for decrypting the corresponding piece of encrypted vehicle-mounted data.
14. The apparatus of claim 13, wherein the node tree structure further comprises:
a first child node associated with a class element, a second child node associated with a large time unit, a third child node associated with a small time unit,
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to a root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
the instructions for instructing the processor to tag a node for each piece of vehicle-mounted data collected further comprise:
for each node, instructions for instructing the processor to:
determining class elements of the collected vehicle-mounted data;
acquiring current time comprising a large time unit and a small time unit;
and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
15. The apparatus of claim 13 or 14, wherein the instructions for instructing the processor to generate a subkey for each piece of encrypted vehicle data received based on the requested aggregate key and the tag node of each piece of encrypted vehicle data received comprise:
for each marker node, instructions for instructing the processor to:
generating a first child node key for a first child node of the marker node based on the aggregate key, the root node, and the first child node;
generating a second child node key for a second child node based on the first child node key, the root node, the first child node, and a second child node of the marker node;
generating the sub-key for the marker node based on the second child node key, the root node, the first child node, the second child node, and a third child node of the marker node.
16. The apparatus of claim 13 or 14, wherein the instructions for instructing the processor to generate a subkey for each piece of encrypted vehicle data received based on the requested aggregate key and the tag node of each piece of encrypted vehicle data received comprise:
for each marker node, instructions for instructing the processor to:
generating a second child node key for a second child node based on the aggregate key, the root node, the first child node of the marker node, and the second child node of the marker node;
generating the sub-key for the marker node based on the second child node key, the root node, the first child node, the second child node, and a third child node of the marker node.
17. The apparatus of claim 13 or 14, wherein the instructions for instructing the processor to generate a subkey for each piece of encrypted vehicle data received based on the requested aggregate key and the tag node of each piece of encrypted vehicle data received comprise:
for each marker node, instructions for instructing the processor to:
the subkey is generated for the marked node based on the aggregate key, the root node, the first child node of the marked node, the second child node of the marked node, and the third child node of the marked node.
18. The apparatus according to claim 13 or 14, wherein, when the apparatus is the mobile device, it further comprises instructions for instructing the processor to: retrieve a shared secret that is known to the in-vehicle device;
encrypting the shared secret and transmitting the encrypted shared secret to the vehicle-mounted device to negotiate a shared encryption key for establishing secure communications between the mobile device and the vehicle-mounted device.
19. The apparatus of claim 18, wherein, when the apparatus is the mobile device, it further comprises:
instructions for instructing the processor to:
after receiving a request for obtaining the aggregation key of the common child node group, generate the aggregation key for the common child node group based on the root key and the hierarchical relationship of the child nodes in the common child node group.
20. The apparatus of claim 14, wherein the large time units comprise time units greater than the small time units.
21. A method for generating encrypted in-vehicle data by an in-vehicle apparatus provided in a vehicle, the method comprising:
collecting vehicle-mounted data of the vehicle, wherein each piece of vehicle-mounted data is marked with an identity, each identity is represented as a node on a node tree structure, and the node tree structure comprises a root node associated with the vehicle;
encrypting each piece of the collected vehicle-mounted data using a corresponding sub-key, wherein each corresponding sub-key is generated based on a marker node of each piece of the vehicle-mounted data and a root key corresponding to the root node;
and transmitting the encrypted vehicle-mounted data and the marking node thereof to a cloud server.
22. The method of claim 21, wherein the node tree structure further comprises a first child node associated with a class element, a second child node associated with a large time unit, and a third child node associated with a small time unit;
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to the root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
each identity is represented as a node on the node tree by: determining class elements of the collected vehicle-mounted data;
acquiring current time comprising a large time unit and a small time unit;
and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
23. The method of claim 21 or 22, wherein the generating each corresponding subkey based on the marker node for each piece of in-vehicle data comprises:
determining a first sub-node, a second sub-node and a third sub-node of the marker node of each piece of the collected vehicle-mounted data, for each marker node:
generating a first child node key using the root key, the first child node of the marker node, and the root node;
generating a second child node key using the first child node key, a second child node of the marker node, the first child node, and the root node;
generating a sub-key using a third child node of the marker node, the second child node, the first child node, the root node, and the second child node key.
24. The method according to claim 21 or 22, further comprising:
after receiving a request for acquiring an aggregation key of a common child node group, generating the aggregation key for the common child node group based on the root key and the hierarchical relationship of the child nodes in the common child node group;
transmitting the generated aggregation key to a service device.
25. The method of claim 22, wherein the large time units comprise time units greater than the small time units.
26. A method for controlling access to vehicle-mounted data of a vehicle, wherein the vehicle-mounted data is collected and marked with nodes on a node tree structure, and the vehicle-mounted data is encrypted by a vehicle-mounted device provided in the vehicle and stored on a cloud server, the method being implemented by a service device or a mobile device and comprising:
transmitting a request to the cloud server, wherein the request includes a time period, and the cloud server retrieves encrypted vehicle-mounted data having a marker node corresponding to the time period when the request is received;
receiving the retrieved encrypted vehicle-mounted data from the cloud server and the marked nodes thereof, wherein each node represents one node on the node tree structure;
determining a set of child nodes common to the marker nodes of the received encrypted vehicle-mounted data;
requesting an aggregation key for the common set of child nodes;
generating a sub-key for each piece of received encrypted vehicle-mounted data based on the requested aggregate key and the received marking node for each piece of encrypted vehicle-mounted data, wherein each generated sub-key is used for decrypting the corresponding piece of encrypted vehicle-mounted data.
27. The method of claim 26, wherein the node tree structure further comprises:
a first child node associated with a class element, a second child node associated with a large time unit, a third child node associated with a small time unit,
wherein the hierarchical relationship of the first, second and third child nodes is defined as: the first child node is connected to a root node, the second child node is connected to the first child node, and the third child node is connected to the second child node;
each piece of collected vehicle-mounted data is marked with a node by the following method:
determining class elements of the collected vehicle-mounted data;
acquiring current time comprising a large time unit and a small time unit;
and identifying the node corresponding to the identity on the node tree structure based on the determined class element and the acquired current time.
28. The method of claim 27, wherein the large time units comprise time units greater than the small time units.
29. The method according to claim 26 or 27, wherein the step of generating a subkey for each piece of encrypted vehicle data received based on the requested aggregate key and the tag node of each piece of encrypted vehicle data received comprises:
for each of the marked nodes,
generating a first child node key for a first child node of the marker node based on the aggregate key, the root node, and the first child node;
generating a second child node key for a second child node based on the first child node key, the root node, the first child node, and a second child node of the marker node;
generating the sub-key for the marker node based on the second child node key, the root node, the first child node, the second child node, and a third child node of the marker node.
30. The method according to claim 26 or 27, wherein the step of generating a subkey for each piece of encrypted vehicle data received based on the requested aggregate key and the tag node of each piece of encrypted vehicle data received comprises:
generating a second child node key for a second child node based on the aggregate key, the root node, the first child node of the marker node, and the second child node of the marker node;
generating the sub-key for the marker node based on the second child node key, the root node, the first child node, the second child node, and a third child node of the marker node.
31. The method according to claim 26 or 27, wherein the step of generating a subkey for each piece of encrypted vehicle data received based on the requested aggregate key and the tag node of each piece of encrypted vehicle data received comprises:
the subkey is generated for the marked node based on the aggregate key, the root node, the first child node of the marked node, the second child node of the marked node, and the third child node of the marked node.
32. The method according to any one of claims 26 to 28, wherein the method is implemented by the mobile device, the method further comprising:
retrieving a shared secret that is known to the in-vehicle device;
encrypting the shared secret and transmitting the encrypted shared secret to the vehicle-mounted device to negotiate a shared encryption key for establishing secure communications between the mobile device and the vehicle-mounted device.
33. The method of claim 32, wherein the method is performed by the mobile device, the method further comprising:
after receiving a request for obtaining the aggregation key of the common child node group, generating the aggregation key for the common child node group based on the root key and the hierarchical relationship of the child nodes in the common child node group.

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
SG10201609090XA SG10201609090XA (en) 2016-10-31 2016-10-31 System and method for controlling access to encrypted vehicular data
SG10201609090X 2016-10-31
PCT/SG2017/050542 WO2018080401A1 (en) 2016-10-31 2017-10-30 System and method for controlling access to encrypted vehicular data

Publications (2)

Publication Number Publication Date
CN109791566A CN109791566A (en) 2019-05-21
CN109791566B true CN109791566B (en) 2023-09-12

Family

ID=60302431

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780061474.9A Active CN109791566B (en) 2016-10-31 2017-10-30 System and method for controlling access to encrypted vehicle-mounted data

Country Status (5)

Country Link
US (1) US11146390B2 (en)
EP (1) EP3529710B1 (en)
CN (1) CN109791566B (en)
SG (1) SG10201609090XA (en)
WO (1) WO2018080401A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7030559B2 (en) * 2018-02-27 2022-03-07 Honda Motor Co., Ltd. (本田技研工業株式会社) Data registration system
WO2020035832A1 (en) * 2018-08-17 2020-02-20 Gentex Corporation Vehicle configurable transmitter for allowing cloud-based transfer of data between vehicles
CN111324896A (en) * 2018-12-13 2020-06-23 Aisino Corporation (航天信息股份有限公司) Method and device for writing vehicle service information and computing equipment
US20200380148A1 (en) * 2019-06-03 2020-12-03 Otonomo Technologies Ltd. Method and system for aggregating users' consent
EP3846382A4 (en) * 2019-08-16 2022-03-30 Huawei Technologies Co., Ltd. Method and device for data transmission between internet of vehicles devices
CN113572795B (en) * 2020-04-28 2023-10-27 Guangzhou Automobile Group Co., Ltd. (广州汽车集团股份有限公司) Vehicle safety communication method, system and vehicle-mounted terminal
US11784798B2 (en) * 2021-03-30 2023-10-10 Visa International Service Association System, method, and computer program product for data security
CN114422204A (en) * 2021-12-29 2022-04-29 China Telecom Corporation Limited (中国电信股份有限公司) Data transmission system, data transmission method, data transmission equipment and data transmission medium
EP4242942A1 (en) 2022-03-10 2023-09-13 Volvo Truck Corporation System and method for storing and sharing repair and maintenance information

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1481631A (en) * 2000-10-13 2004-03-10 Paxgrid Telemetric Systems, Inc. Automotive telemetry protocol
CN101218781A (en) * 2005-07-11 2008-07-09 Microsoft Corporation (微软公司) Secure key management for scalable codestreams
CN102057618A (en) * 2008-06-23 2011-05-11 Panasonic Corporation (松下电器产业株式会社) Information processing device, encryption key management method, computer program and integrated circuit
CN103891195A (en) * 2011-09-28 2014-06-25 Koninklijke Philips N.V. (皇家飞利浦有限公司) Hierarchical attribute-based encryption and decryption
CN104040935A (en) * 2012-12-14 2014-09-10 Huawei Technologies Co., Ltd. (华为技术有限公司) Method and device for data encryption and decryption
CN104468615A (en) * 2014-12-25 2015-03-25 Xidian University (西安电子科技大学) Data sharing based file access and permission change control method
CN104780175A (en) * 2015-04-24 2015-07-15 Information Center of Guangdong Power Grid Co., Ltd. (广东电网有限责任公司信息中心) Hierarchical classification access authorization management method based on roles
CN105704245A (en) * 2016-04-12 2016-06-22 Chengdu Jingbo Information Technology Co., Ltd. (成都景博信息技术有限公司) IOV (Internet of Vehicles) based mass data processing method
US9432192B1 (en) * 2014-03-28 2016-08-30 Emc Corporation Content aware hierarchical encryption for secure storage systems

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100030423A1 (en) * 1999-06-17 2010-02-04 Paxgrid Telemetric Systems, Inc. Automotive telemetry protocol
US8837718B2 (en) * 2009-03-27 2014-09-16 Microsoft Corporation User-specified sharing of data via policy and/or inference from a hierarchical cryptographic store
IT1396303B1 (en) 2009-10-12 2012-11-16 Re Lab S R L METHOD AND SYSTEM FOR PROCESSING INFORMATION RELATING TO A VEHICLE
CN202394110U (en) 2011-11-09 2012-08-22 Zhang Hongquan (张红泉) Remote diagnostic device for automobile fault
US9014876B2 (en) * 2012-06-19 2015-04-21 Telogis, Inc. System for processing fleet vehicle operation information
US9084118B2 (en) * 2013-03-14 2015-07-14 General Motors Llc Controlling access to a mobile device
US10454970B2 (en) * 2014-06-30 2019-10-22 Vescel, Llc Authorization of access to a data resource in addition to specific actions to be performed on the data resource based on an authorized context enforced by a use policy
CN104486366A (en) 2014-10-30 2015-04-01 Shenzhen Launch Technology Co., Ltd. (深圳市元征科技股份有限公司) Vehicle Internet communication system and method
CN105450645B (en) * 2015-12-01 2018-06-12 SAIC Motor Corporation Limited (上海汽车集团股份有限公司) On-board automatic diagnosis system data transmission method
US11831654B2 (en) * 2015-12-22 2023-11-28 Mcafee, Llc Secure over-the-air updates

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on key technologies for sensitive data security and leakage prevention in open network environments (开放网络环境下敏感数据安全与防泄密关键技术研究); Yan Xixi (闫玺玺); China Doctoral Dissertations Full-text Database, Information Science and Technology; 2013-01-15; I139-28 *

Also Published As

Publication number Publication date
CN109791566A (en) 2019-05-21
US20190260580A1 (en) 2019-08-22
SG10201609090XA (en) 2018-05-30
US11146390B2 (en) 2021-10-12
WO2018080401A1 (en) 2018-05-03
EP3529710A1 (en) 2019-08-28
EP3529710B1 (en) 2020-08-19

Similar Documents

Publication Publication Date Title
CN109791566B (en) System and method for controlling access to encrypted vehicle-mounted data
JP6923228B2 (en) Reliable vehicle telematics using blockchain data analysis
Lam et al. ANT-centric IoT security reference architecture—Security-by-design for satellite-enabled smart cities
EP3084676B1 (en) Secure vehicular data management with enhanced privacy
US10091230B1 (en) Aggregating identity data from multiple sources for user controlled distribution to trusted risk engines
WO2016031149A1 (en) Vehicular data conversion device and vehicular data output method
US11263329B2 (en) Method, computer-readable medium, system and vehicle comprising the system for providing a data record of a vehicle to a third party
US20200213331A1 (en) Data service system
KR20210065012A (en) Certificate management server based on blockchain and method thereof and computer program
US11652804B2 (en) Data privacy system
Fan et al. Secure ultra-lightweight RFID mutual authentication protocol based on transparent computing for IoV
US11271971B1 (en) Device for facilitating managing cyber security health of a connected and autonomous vehicle (CAV)
GB2605679A (en) Sharing data among different service providers at edge level through collaboration channels
Pesé et al. Carlab: Framework for vehicular data collection and processing
US20140033319A1 (en) Collecting Data from Processor-Based Devices
CN115088232A (en) Data encryption method, data transmission method, related device and equipment
CN116366289A (en) Safety supervision method and device for remote sensing data of unmanned aerial vehicle
US10404697B1 (en) Systems and methods for using vehicles as information sources for knowledge-based authentication
Kathiresh et al. Vehicle diagnostics over internet protocol and over-the-air updates
KR101986690B1 (en) Key chain management method and key chain management system for end-to-end encryption of message
JP6669154B2 (en) Vehicle data conversion device and vehicle data output method
US20240129735A1 (en) Mobility service providing system, mobility service providing server, vehicle data providing method, and storage medium
US20230382329A1 (en) Vehicle-based health monitoring
CN112448928B (en) Credential obtaining method and device
Kim et al. A Study on SES-Based Information Security Framework for Autonomous Vehicle Controlling Environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant